Data On 123 Million US Households Leaked Online

Security researchers at UpGuard recently made a terrifying discovery in finding an unprotected Amazon S3 server containing several databases belonging to a data analytics provider called Alteryx.

While the server contained a variety of databases, the two that are of biggest concern belonged to Alteryx’s business partners, Experian and the US Census Bureau.

Of these, far and away the most damaging database was the one belonging to Experian. As a credit reporting agency, Experian has access to just about everything that relates to your personal finances. In addition to your address, they’ve got details on how many credit cards you have, what your average balances on each one are, what your credit limit is, the state of your mortgage and more. All of that information was sitting on a completely unprotected server that literally anyone could access.

The scope and scale of the database is almost beyond comprehension, containing more than 3.5 billion financial details of more than 123 US households. That’s almost every household in the country.

It’s not much of a silver lining, but the database did not contain any names. Having said that, since address information was present, linking an address with the name of the current occupant is a trivial task for any hacker.

At this point, it’s unclear if anyone other than the UpGuard researchers downloaded the databases, but ultimately, it doesn’t matter. The simple fact that so much information on so many American households was left unguarded means that virtually every person in the country is now at risk of identity theft.

At the root, this is a problem of standards. Contractors like Alteryx simply do not adhere to the same security standards as the company or agency charged with the responsibility of safeguarding the data in the first place (Experian and the US Census Bureau, in this case). Given that, it was only a matter of time before a mishap of this scale occurred.

At this point, there’s really nothing you can do but be mindful that your personal information may have been compromised, and stay vigilant.